Your information is safe with Gpass
Gpass is from SplashData, a company that has a well-established track record of delivering password management and security solutions to millions of individual and business customers since 2000.
Our infrastructure and security team includes people who've played lead roles in designing, building, and operating highly secure Internet-facing systems.
We work closely with the best partners we can find — like Amazon for hosting and Stripe for payments — that focus exclusively on maintaining leadership in their particular areas of security expertise.
Most importantly, we respect your privacy and the security of your records. Everything we do at Gpass is built around that respect and designed to maintain your privacy and security. We would never do anything with your data that we wouldn't be proud to tell the world about.
As you continue to learn more about Gpass, we recommend you also review our Terms of Use and Privacy Policy.
Infrastructure
• Gpass runs on cloud servers in AWS, which we believe to be the best in the business at managing secure cloud services. Gpass does not run its own routers, load balancers, DNS servers, or physical servers.
• All our hosted services and data are managed in AWS facilities in the USA. Our hosted services have been built with disaster recovery in mind.
• All Gpass hosted servers are within a virtual private cloud (VPC) with network access control lists (ACLs), firewalls, and an Intrusion Detection System (IDS) that together help prevent any unauthorized requests.
• The Gpass services are protected by Cloudflare, which secures and ensures the reliability of our websites, APIs, and applications.
Service Levels
For our Gpass hosted services, we have uptime of 99.9% or higher.
Data Security
• All customer data is stored in the USA.
• Customer data is stored in multi-tenant datastores; we do not have individual datastores for each customer. All data is stored using 256-bit AES encryption with multiple keys. We maintain strict privacy controls in our application code to ensure data privacy. We have regular unit and integration tests to ensure these privacy controls work as expected.
Data Transfer
• Our API and application endpoints are TLS/SSL only and score an “A” rating on SSL Labs' tests. This means we only use strong cipher suites and have features such as HSTS and Perfect Forward Secrecy fully enabled.
Authentication
• Gpass is served 100% over HTTPS and authenticated using your Google account.
• There are no corporate resources or additional privileges from being on the Gpass network.
• We maintain and enforce strong password policies.
Application Monitoring
• On an application level, we produce audit logs for all activity.
• All access to Gpass applications is logged and audited.
• All actions taken on production consoles or in the Gpass application are logged.
Build Process Automation
• We have automation in place so that we can safely and reliably roll out changes to both our application and operating platform within minutes.
• We typically deploy code to the production environment multiple times a week.
Security Audits
• We engage with well-regarded “white hats” and independent services to audit our code base and work with us to resolve potential issues.
• Our ongoing auditing process allows us to do ad-hoc security analysis, track changes made to our setup, and audit access to every layer of our stack.
Compliance
• Gpass complies with the U.S.-E.U. Safe Harbor Framework and the U.S.-Swiss Safe Harbor Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal data from European Union member countries and Switzerland.
• Gpass has certified that it adheres to the Safe Harbor Privacy Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement.
PCI Obligations
Gpass is not subject to PCI, as all payment instrument processing is performed by Stripe, a trusted partner that focuses exclusively on secure payment processing.